diff --git a/owasp-top10-2016-mobile/m5/panda_zap/server/routes/user.go b/owasp-top10-2016-mobile/m5/panda_zap/server/routes/user.go
index 9b5c26764..8b3eae986 100644
--- a/owasp-top10-2016-mobile/m5/panda_zap/server/routes/user.go
+++ b/owasp-top10-2016-mobile/m5/panda_zap/server/routes/user.go
@@ -108,7 +108,7 @@ func (es *EchoServer) GetUserKeyV2(c echo.Context) error {
 
 	es.Logger.Info(fmt.Sprintf("User '%s' key found in the database", username))
 
-	return c.JSON(http.StatusOK, keyToBeReturned)
+	return c.JSON(http.StatusForbidden, map[string]string{"result": "fail", "message": "Key retrieval is not supported"})
 }
 
 // UpdateUserMessages attempts to update messages from a given user.